Ensuring proper security in a complex multi-zone information technology (IT) environment is complex and error prone. The connections between policies, administration and audit in the aforementioned environment are weak and based on human effort. Managers set policies for the environment. For example, a policy may indicate that servers in a zone of a particular security level (e.g., blue) cannot be directly connected to network or storage logical unit numbers (LUNs) in another zone of a different security level (e.g., green). Managers would set the aforementioned policy because they do not want to connect resources from different colored zones (e.g., blue zone to green zone). The policies are communicated to administrators, who perform manual tasks to correctly configure the connections of new or upgraded servers to other resources in the IT environment, where the correct configuration is based on the policies. Periodically, the IT environment must be audited to verify that servers and other devices are connected properly, according to the policies. Each of the aforementioned processes is labor intensive and error prone.